On March 20th, sensitive information was leaked from ChatGPT, a popular chatbot, according to operator OpenAI. Users were able to view other people’s requests that suddenly appeared in their own history due to an error in the Redis client’s open-source library. Additionally, personal data of users of the paid Plus subscription was also visible.
OpenAI had to take the ChatGPT chatbot offline following the incident. Some users were even able to view the first and last names, email and payment addresses, along with the last four digits of active user’s credit card numbers, and the expiration date. However, the full credit card numbers were never disclosed.
OpenAI believes that only a few users’ data was passed onto third parties, and there are no indications that this occurred before March 20th.
The company has worked in collaboration with Redis developers to fix the data leak using a patch. They have also stated that only a small number of Plus subscribers were affected by the incident. OpenAI has contacted those affected to inform them of the incident and assure them that there is no risk to their data.
ChatGPT is one of the fastest-growing innovations in the digital world. The chatbot has answered millions of questions and has over 100 million active users worldwide. The paid Plus subscription that launched in Germany in February of this year offers customers more stable access for around 20 euros.
This incident serves as a reminder about the importance of data privacy and the need to put effective measures in place to prevent data breaches. Companies must take responsibility for the security of their users’ data and ensure effective cybersecurity measures are in place to prevent these kinds of incidents.
